3 Replies Latest reply on Aug 12, 2010 3:35 AM by JoeBidgood

    ePO Agent vs public repository

      Hello,

       

      I'd like to allow my remote laptop to communicate with my ePO server.

      To do so I added a new HTTP repository configured with the public ip address of my ePO server.

      I can see that the sitelist.xml on my laptop contains the two entries however I still have errors indicating that my agent is not able to reach my ePO server.

      I don't see any request in my firewall log, did I miss something?

      Is it possible to do it this way or I'll need to add a new entry in my public DNS ?

       

      ++

      Simon

        • 1. Re: ePO Agent vs public repository
          JoeBidgood

          Hi...

           

          Adding a repository will only allow the external machine to perform updates, I'm afraid - it won't be enough to allow the client machine to connect to ePO.

          If you have an externally-facing IP address for the server then you could certainly add a DNS record for this - the external machine will then try to connect to the "real" IP address of the server, fail, do a DNS lookup on the "real" FQDN and be given the external IP address, and comms will then succeed.

           

          Generally though exposing the ePO server to the outside world is something we strongly recommend against. A more secure approach would be to put an agent handler in a DMZ environment and allow the external machines to use that. (This is one of the exact scenarios that agent handlers were designed for.)

           

          Regards -

           

          Joe

          • 2. Re: ePO Agent vs public repository

            Hello Joe,

             

            thank you for your answer. I came to the same conclusion.

            In fact I already have an old architecture based on ePO 3.6 facing internet with a DNS record, so I think I'm gonna do the same ePO 4.5.

            I'm not familiar with agent handlers and I know it is a better way.

            In my understanding an agent handler is simply a new ePO server instance right?

            So if I follow this recommandation, I'll have 2 ePO servers to operate, one dedicated for the remote users and one dedicated for my internal users.

            I'm going to read the documentation, if I can install a remote agent handler on an existing server in my DMZ, it would be perfect.

             

            thanks,

            Simon

            • 3. Re: ePO Agent vs public repository
              JoeBidgood

              Hi...

               

              You won't have two servers to operate - only the one

              I would very strongly recommend reading the Agent Handler White Paper, found here - it's pretty much compulsory reading for anyone considering an AH deployment.

               

              Regards -

               

              Joe